Formal Verification of Security Properties of Smart Card Embedded Source Code
نویسندگان
چکیده
This paper reports on a method to handle the verification of various security properties of imperative source code embedded on smart cards. The idea is to combine two program verification approaches: the functional verification at the source code level and the verification of high level properties on a formal model built from the program and its specification. The method presented uses the Caduceus tool, built on top of the Why tool. Caduceus enables the verification of an annotated C program and provides a validation process that we used to generate a high level formal model of the C source code. This method is illustrated by an example extracted from the verification of a smart card embedded operating system.
منابع مشابه
Formal Proof of Smart Card Applets Correctness
The new Gemplus smart card is based on the Java technology, embedding a virtual machine. The security policy uses mechanisms that are based on Java properties. This language provides segregation between applets. But due to the smart card constraints a byte code verifier can not be embedded. Moreover, in order to maximise the number of applets the byte code must be optimised. The security proper...
متن کاملFormalisation and Verification of Java Card Security Properties in Dynamic Logic
We present how common JAVACARD security properties can be formalised in Dynamic Logic and verified, mostly automatically, with the KeY system. The properties we consider, are a large subset of properties that are of importance to the smart card industry. We discuss the properties one by one, illustrate them with examples of real-life, industrial size, JAVACARD applications, and show how the pro...
متن کاملFormal Development of Safe and Secure Java Card Applets
This thesis is concerned with formal development of JAVA CARD applets. JAVA CARD is a technology that provides a means to program smart cards with (a subset of) the JAVA language. In recent years JAVA CARD technology gained great interest in the formal verification community. There are two reasons for this. Due to the sensitive nature (e.g., security, maintenance costs) of JAVA CARD applets, fo...
متن کاملFormal Methods for the Verification of Safety Critical Applications using SPIN Model Checker
Security over the years has been a major concern for the organizations and companies. With the emergence of smart cards, industry has become more interested in methodologies which are used to establish the correctness and security of the applications developed with the acceptance of the use of smart cards in such domains. This paper provides a general introduction to the state-of-the-art of for...
متن کاملBytecode verification on Java smart cards
This article presents a novel approach to the problem of bytecode verification for Java Card applets. By relying on prior off-card bytecode transformations, we simplify the bytecode verifier and reduce its memory requirements to the point where it can be embedded on a smart card, thus increasing significantly the security of post-issuance downloading of applets on Java Cards. This article descr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005